Kyputer
@kyputer.com
Digital Mercenary | Advisor for some orgs |
Loves hackathons 👩🏽💻☕👨🏽💻
Live on twitch.tv/kyputer
Loves hackathons 👩🏽💻☕👨🏽💻
Live on twitch.tv/kyputer
Blowin em up like a cybertruck! twitch.tv/kyputer
Kyputer - Twitch
NEW YEAR VIBES! 😎 Cruel mode POE noob gets clapped up! Back Seating allowed! | Cyber Guy AMA | 🍉🇵🇸FREE PALESTINE!🇵🇸🍉
twitch.tv
January 2, 2025 at 2:52 AM
Blowin em up like a cybertruck! twitch.tv/kyputer
Reposted by Kyputer
WE'RE LIVE AND ALIVE TALKING ABOUT ATUL SUBHASH'S DEATH AND LETTER AND THE REACTIONS TO SAID LETTER
twitch.tv/ARUNANNOW
twitch.tv/ARUNANNOW
ArunAnnow - Twitch
🔴 ATUL SUBHASH LETTER EXPOSED 🔴 NEWS AND REACTS
TWITCH.TV
December 14, 2024 at 4:18 PM
WE'RE LIVE AND ALIVE TALKING ABOUT ATUL SUBHASH'S DEATH AND LETTER AND THE REACTIONS TO SAID LETTER
twitch.tv/ARUNANNOW
twitch.tv/ARUNANNOW
I was showing a woman some pictures of my video game collection at a dinner party, and she interjected that I was "really jacked, and that's cool." "Thanks! So anyways, the gameboy pocket came after the gameboy, but before the gameboy color! Mine is red!"
November 25, 2024 at 4:35 AM
I was showing a woman some pictures of my video game collection at a dinner party, and she interjected that I was "really jacked, and that's cool." "Thanks! So anyways, the gameboy pocket came after the gameboy, but before the gameboy color! Mine is red!"
I am training around 5 people in Brooklyn rn. Turning all the twinks into twunks. You can thank me later 🫡
November 24, 2024 at 9:09 PM
I am training around 5 people in Brooklyn rn. Turning all the twinks into twunks. You can thank me later 🫡
Honestly, I gotta respect the hustle 🤣
September 28, 2023 at 6:47 PM
Honestly, I gotta respect the hustle 🤣
Due to the lack of boundaries between the DOM and extensions, researchers at the Univ. Wisconsin - Madison developed a chrome extension that can reliably rip passwords from the fields of tons of websites.
Password-Stealing Chrome Extension Demonstrates New Vulnerabilities
Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.
www.securityweek.com
September 6, 2023 at 7:53 PM
Due to the lack of boundaries between the DOM and extensions, researchers at the Univ. Wisconsin - Madison developed a chrome extension that can reliably rip passwords from the fields of tons of websites.
Mirai botnet has been found on low-end Android TV boxes. This variant is based on the Pandora backdoor from 2015. These boxes are hefty enough to effectively DDoS a target in small groups. The malware is either being delivered via updates or pirate apps.
Mirai variant infects low-cost Android TV boxes for DDoS attacks
A new Mirai malware botnet variant has been spotted infecting inexpensive Android TV set-top boxes used by millions for media streaming.
www.bleepingcomputer.com
September 6, 2023 at 6:44 PM
Mirai botnet has been found on low-end Android TV boxes. This variant is based on the Pandora backdoor from 2015. These boxes are hefty enough to effectively DDoS a target in small groups. The malware is either being delivered via updates or pirate apps.
There is a zero-day in the latest version of the Atlas VPN client for Linux-based clients. An adversary can disconnect you from the VPN and obtain your IP with a few simple requests. If you navigate to an attacker-controlled resource, this is trivial.
A zero-day in Atlas VPN Linux Client leaks users' IP address
Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user's IP address by visiting a website.
securityaffairs.com
September 6, 2023 at 6:33 PM
There is a zero-day in the latest version of the Atlas VPN client for Linux-based clients. An adversary can disconnect you from the VPN and obtain your IP with a few simple requests. If you navigate to an attacker-controlled resource, this is trivial.
Bike nature stream! twitch.tv/kyputer
Kyputer - Twitch
Anon Sudan Hacks Twitter 🐦 Russia's Shiny New Android Malware Hits Ukraine's Military 🤖 | Cyber Guy AMA ✋
twitch.tv
August 31, 2023 at 9:15 PM
Bike nature stream! twitch.tv/kyputer
Is Anon Sudan Russian or Sudanese? The criminals provided passport pictures and their live location over Telegram(easily spoofable) to prove they are not Russian. The group has attacked various government web services and claims to fight for islam and Sudan.
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink
Prolific hackers accused of being a front for Russian cyber-operation shares counter evidence with the BBC.
www.bbc.com
August 31, 2023 at 6:33 PM
Is Anon Sudan Russian or Sudanese? The criminals provided passport pictures and their live location over Telegram(easily spoofable) to prove they are not Russian. The group has attacked various government web services and claims to fight for islam and Sudan.
GhostSec has breached the software suite used by Iranian authorities to surveil and oppress their populace. The dump includes everything from facial data to source code. GhostSec is a politically motivated hacktivist group fighting fort privacy rights.
GhostSec Claim Breaching Iranian Govt Surveillance Software Tool
Twitter @Hackread - Facebook @ /Hackread
www.hackread.com
August 30, 2023 at 9:17 PM
GhostSec has breached the software suite used by Iranian authorities to surveil and oppress their populace. The dump includes everything from facial data to source code. GhostSec is a politically motivated hacktivist group fighting fort privacy rights.
The national Japanese cybersecurity readiness agency has been compromised for MONTHS. Going public with this info at the start of Aug, the agency has said that emails have been leaked to unauthorized parties and could be used for further attacks.
www.bitdefender.com/blog/hotfors...
www.bitdefender.com/blog/hotfors...
Japan's cybersecurity agency admits it was hacked for months
Japan’s National Center of Incident Readiness and Strategy for Cybersecurity
(NISC), the agency responsible for the nation's defences against cyber attacks,
has itself been hacked.
www.bitdefender.com
August 30, 2023 at 9:06 PM
The national Japanese cybersecurity readiness agency has been compromised for MONTHS. Going public with this info at the start of Aug, the agency has said that emails have been leaked to unauthorized parties and could be used for further attacks.
www.bitdefender.com/blog/hotfors...
www.bitdefender.com/blog/hotfors...
A Chinese APT has been using trojanized versions of the Signal and Telegram Android apps to compromise unwitting users. This malware can extract everything from geoloc to call and sms logs. It also can activate the cameras and pull files/contacts.
Trojanized Signal and Telegram apps on Google Play delivered spyware
Trojanized Signal and Telegram apps containing the BadBazaar spyware were uploaded onto Google Play and Samsung Galaxy Store by a Chinese APT hacking group known as GREF.
www.bleepingcomputer.com
August 30, 2023 at 8:53 PM
A Chinese APT has been using trojanized versions of the Signal and Telegram Android apps to compromise unwitting users. This malware can extract everything from geoloc to call and sms logs. It also can activate the cameras and pull files/contacts.
Microsoft is pushing for updating a UN proposal for a cybercrime treaty. Microsoft fears that this could lead to legalizing state surveillance across borders, suppression of dissent, and criminalizing research instead of meeting its goals of stopping cybercrime.
Microsoft weighs in on Russian-led UN cybercrime treaty
It could be used to put ethical hackers, and citizens, behind bars
www.theregister.com
August 30, 2023 at 8:23 PM
Microsoft is pushing for updating a UN proposal for a cybercrime treaty. Microsoft fears that this could lead to legalizing state surveillance across borders, suppression of dissent, and criminalizing research instead of meeting its goals of stopping cybercrime.
Is this the biggest botnet ever recorded? Eclipsing Srizbi by about 250k compromised machines, Qakbot owned a massive ~700k hosts. The US DOJ worked with France, Germany, the Netherlands, the UK, Romania, and Latvia to shut down Qakbot's operations.
Qakbot botnet disrupted, malware removed from 700,000+ victim computers - Help Net Security
Qakbot botnet crippled: 52 of its servers have been seized, and the malware loader has been removed from over 700,000 victim computers.
www.helpnetsecurity.com
August 29, 2023 at 8:39 PM
Is this the biggest botnet ever recorded? Eclipsing Srizbi by about 250k compromised machines, Qakbot owned a massive ~700k hosts. The US DOJ worked with France, Germany, the Netherlands, the UK, Romania, and Latvia to shut down Qakbot's operations.
Typosquatting and malicious packages are a part of the adversary toolkit for targeting developers and their companies. The latest malicious packages discovered on the Rust language's registry, crate, capture and send OS information to a telegram.
thehackernews.com/2023/08/deve...
thehackernews.com/2023/08/deve...
Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel
Attention developers! Malicious packages found on Rust's crate registry. They target your machines, capture OS info, and use Telegram for data transfe
thehackernews.com
August 28, 2023 at 6:31 PM
Typosquatting and malicious packages are a part of the adversary toolkit for targeting developers and their companies. The latest malicious packages discovered on the Rust language's registry, crate, capture and send OS information to a telegram.
thehackernews.com/2023/08/deve...
thehackernews.com/2023/08/deve...
This botnet malware scans ransom IP addresses for open SSH ports, and uses a wordlist from an attacker-controlled resource, to brute force servers. It has started targeting the telnet protocol and other CPU architectures as well.
KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities
KmsdBot botnet malware has evolved, now targeting a wider range of IoT devices.
thehackernews.com
August 28, 2023 at 6:11 PM
This botnet malware scans ransom IP addresses for open SSH ports, and uses a wordlist from an attacker-controlled resource, to brute force servers. It has started targeting the telnet protocol and other CPU architectures as well.
There is a PoC to upload, without prior authentication, and execute arbitrary PHP code on @JuniperNetworks firewalls and switches. They achieve this by using the PHPRC env variable to change the php.ini file used. They then point that at their code.
www.helpnetsecurity.com/2023/08/28/p...
www.helpnetsecurity.com/2023/08/28/p...
PoC for no-auth RCE on Juniper firewalls released - Help Net Security
WatchTowr Labs Researchers have released a PoC exploit that allows no-auth RCE on Juniper Networks' SRX firewalls.
www.helpnetsecurity.com
August 28, 2023 at 5:56 PM
There is a PoC to upload, without prior authentication, and execute arbitrary PHP code on @JuniperNetworks firewalls and switches. They achieve this by using the PHPRC env variable to change the php.ini file used. They then point that at their code.
www.helpnetsecurity.com/2023/08/28/p...
www.helpnetsecurity.com/2023/08/28/p...
LeaseWeb disabled some critical systems following a recent security breach. They put out a statement saying they are reducing potential risks to clients in the future and have brought in an external firm to assist in restoring and securing systems.
Leaseweb is restoring ‘critical’ systems after security breach
Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled following a recent security breach.
www.bleepingcomputer.com
August 27, 2023 at 9:25 PM
LeaseWeb disabled some critical systems following a recent security breach. They put out a statement saying they are reducing potential risks to clients in the future and have brought in an external firm to assist in restoring and securing systems.
What would happen if your company's ID card vendor was breached? That is now the reality for the UK Met Police Force. The details of the 47k personnel include everything from photos and ranks to full ID numbers.
IT Contractor Data Breach Affects 47,000 Met Police Personnel
Twitter @Hackread - Facebook @ /Hackread
www.hackread.com
August 27, 2023 at 9:08 PM
What would happen if your company's ID card vendor was breached? That is now the reality for the UK Met Police Force. The details of the 47k personnel include everything from photos and ranks to full ID numbers.
The leak of the LockBit 3.0 Builder has given way to nearly 400 variants of the ransomware. Ransomware ops are moving quickly, now with a median of 5 days dwell time in the first half of 2023 (down from 9 days).
LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
The leak of LockBit 3.0 ransomware builder has led to the emergence of various new cyber threats: Bl00dy, Buhti, and NATIONAL HAZARD AGENCY.
thehackernews.com
August 26, 2023 at 8:58 PM
The leak of the LockBit 3.0 Builder has given way to nearly 400 variants of the ransomware. Ransomware ops are moving quickly, now with a median of 5 days dwell time in the first half of 2023 (down from 9 days).
Newly coined 'camera injection' attack techniques pose a threat to facial recognition systems. By injecting manipulated video content it is possible to circumvent authentication systems utilizing facial recognition.
Deepfakes Are Being Used to Circumvent Facial Recognition Systems
Twitter @Hackread - Facebook @ /Hackread
www.hackread.com
August 26, 2023 at 8:35 PM
Newly coined 'camera injection' attack techniques pose a threat to facial recognition systems. By injecting manipulated video content it is possible to circumvent authentication systems utilizing facial recognition.
Deepfakes bypass Facial Recognition 😨 LockBit 3.0 -> Hundreds of Variants 🤖 | Cyber Guy AMA ✋ www.twitch.tv/kyputer
Kyputer - Twitch
Bottom G Politics™ Variety Streamer: cybersecurity/tech news every day, espresso making, building keyboards, and cycling/IRL! Subs get cat tricks or rubik's cube solves. https://throne.com/kyputer/w...
www.twitch.tv
August 26, 2023 at 7:56 PM
Deepfakes bypass Facial Recognition 😨 LockBit 3.0 -> Hundreds of Variants 🤖 | Cyber Guy AMA ✋ www.twitch.tv/kyputer
MSI mobo's and recent Windows updates have culminated in BSODs. It is best to avoid these preview updates if you have an affected motherboard.
MSI: Recent wave of Windows blue screens linked to MSI motherboards
MSI has officially confirmed the recent surge of blue screens of death (BSODs) encountered by Windows users after installing this week's optional preview updates is linked to some of its motherboard m...
www.bleepingcomputer.com
August 25, 2023 at 10:32 PM
MSI mobo's and recent Windows updates have culminated in BSODs. It is best to avoid these preview updates if you have an affected motherboard.